Revision as of 01:27, 17 August 2010

Trojan Project

As part of the COSC429 Information Warfare course, development of a Trojan module is required.

Background

The software should have command and remote modules, which are connected together via sockets. Functionality such as screen capture, key log capture and remote file browsing is required. Due to the complete assignment spec not being available, more functionality will be added later. The command module will be running on the attackers computer, while the remote module will be running on the targeted computer. Bypassing security and installing the remote component onto the targeted computer is not required. It is assumed that the remote module can be installed by a 3rd party and will be constantly running. Therefore, the focus of this design is providing the functionality required and ensuring secure communication.

Design Study

A current log of work spent on the project can be found here Design Project Log

Functionality

Basic

• Remote command channel
• Implant registration with server
• Screen capture
• Keyboard capture
• Target File browse
• File upload/download

Advanced Features

• Cryptographic channel protection
• Implant hiding
• Targer user list
• List of active processes
• Extract web history
• Extract email
• Audit log

Requirements

1. Secure - Components and communication of software should be secure and unable to modify
2. Maintainability - Easy to add new functionality (e.g. Multiple remote modules)
3. Extensible - Add additional software components easily (e.g. Software to deliver remote module onto target system)

Constraints

Remote and control module communication, processing speed and associated overhead costs.

Many of the tasks require use of the Win32 API. I'm not sure how this impacts on the implementation language choice. I know languages such as C# provide relatively straight forward access to this interface, but I'm not so sure it is so simple using Java. If anyone's reading this, I would be very interested to know what you think. You can leave comments at the bottom of the page, under the 'Comments' section. The language I choose to implement in must have support for serialization and an easy Win32 API.

Initial Design

This is my current UML diagram -- a work in progress. I think I have the basic structure, but obviously there are a few class attributes and functions missing.

Description of Classes

ControlUnit ControlUnit is the main class of the control module. An observer pattern is used with the GUI and Controller. It contains a list of data objects which can then be displayed by the GUI. The data objects have a specified type e.g. Picture, Text, ... and so it will be up to the GUI to organise how to display them. Therefore any knowledge of the task from which the data came is unnecessary. The ControlUnit class will also have the appropriate update functions to enable an observer pattern.

Communicator Communicator is used to set up a connection between the control and remote modules. The type of encryption can be set, by passing an EncryptionStandard object. Both the ControlUnit and Remote objects create instances of the Communicator object. The main way the remote and control units will communicate, is by serializing and sending Task objects. Once an object is serialized it is then encrypted and sent. When received it is first decrypted and then de-serialized.

Serializer The serializer class is used to serialize task objects and return them as a byte array. It is also used to de-serialize objects.

EncryptionStandard The use of EncryptionStandard with the various subclasses allows the program to be extended to incorporate various encryption types. For the current implementation, it is expected that "Unsecured" and "RSA" Encryption Standards will be implemented. But in future it is possible to add say, AES encryption. By using the Strategy pattern, each subclass overrides the EncryptionStandard's functions such as encrypt and decrypt.

Task By using the strategy pattern for the Task class, it allows easy modification to add new functionality to the program. Currently, Screenshot and Keylog functionality is provided, but it should be relatively simple to add more. Once a task is performed by the remote program, data is added to the task which is then sent back to the control unit. The data class can be one of various types.

Data Data is a class that carries information produced on the Remote host from performing a Task. It has a type attribute which describes the type of data it is, as well as a text heading.

Design Critique

Displaying of the data by a list of Data objects in ControlUnit is perhaps not optimal? The GUI still has to know about the Data types that are possible, but is this an inevitable coupling?

Design patterns/ideas/principles used

Strategy is used in the Task and EncryptionStandard class design. In both classes, different types of tasks and encryption standards perform various functions differently. Because of this, strategy was used to create subclasses with functions that override that of it's super class.

Open Closed Principle The open closed principle states that the design should be open for extension but closed to modification. Taking the example of Tasks, a new task subclass can be easily added (extension), without the Task object itself being changed (no modification). In saying this, modification will be required in relation to the GUI providing the option to select this new task, but this is an inevitable problem.

Singleton Only one communicator object can exist in each program??

Observer The design pattern used linking the ControlUnit class with the GUI is an Observer pattern. The GUI will look at the list of data objects and display them according to their type.

Separation of concerns The classes are created to capture a single abstraction in each class.

Design Improvements

Possible improvements.

Comments

Please feel free to leave any comments, criticisms, ideas or problems you have. Speak your mind! :P

Thanks to User: James Ashford for the project page template.